diff --git a/phpBB/includes/acp/acp_main.php b/phpBB/includes/acp/acp_main.php
index 80e102db21..a5dedfeebb 100644
--- a/phpBB/includes/acp/acp_main.php
+++ b/phpBB/includes/acp/acp_main.php
@@ -60,8 +60,15 @@ class acp_main
 {
 if ($action === 'admlogout')
 {
- $user->unset_admin();
- redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
+ if (check_link_hash($request->variable('hash', ''), 'acp_logout'))
+ {
+ $user->unset_admin();
+ redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
+ }
+ else
+ {
+ redirect(append_sid("{$phpbb_admin_path}index.$phpEx"));
+ }
 }
 
 if (!confirm_box(true))
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index ce9e655c11..324946ad80 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -3716,7 +3716,7 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
 // Generate logged in/logged out status
 if ($user->data['user_id'] != ANONYMOUS)
 {
- $u_login_logout = append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=logout');
+ $u_login_logout = append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=logout&hash=' . generate_link_hash('ucp_logout'));
 $l_login_logout = $user->lang['LOGOUT'];
 }
 else
diff --git a/phpBB/includes/functions_acp.php b/phpBB/includes/functions_acp.php
index ba1584ab82..4baae44c84 100644
--- a/phpBB/includes/functions_acp.php
+++ b/phpBB/includes/functions_acp.php
@@ -85,7 +85,7 @@ function adm_page_header($page_title)
 'PHPBB_MAJOR' => $phpbb_major,
 
 'U_LOGOUT' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=logout'),
- 'U_ADM_LOGOUT' => append_sid("{$phpbb_admin_path}index.$phpEx", 'action=admlogout'),
+ 'U_ADM_LOGOUT' => append_sid("{$phpbb_admin_path}index.$phpEx", 'action=admlogout&hash=' . generate_link_hash('acp_logout')),
 'U_ADM_INDEX' => append_sid("{$phpbb_admin_path}index.$phpEx"),
 'U_INDEX' => append_sid("{$phpbb_root_path}index.$phpEx"),
 
diff --git a/phpBB/ucp.php b/phpBB/ucp.php
index 817ea72111..240d9f0741 100644
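Review bot: The new `else` branch redirects to the ACP index without telling the admin that the logout was refused, so a stale or forged `action=admlogout` link just reloads the page and the admin may believe the admin session has ended when it has not. It would be clearer to surface the rejection the way phpBB does for other rejected tokens, e.g. `trigger_error('FORM_INVALID');` (the error handler resolves language keys elsewhere in phpBB; confirm it does so on this path). The added condition also reads `$request`, and `main()` starts and ends outside the hunk, so whether it is already brought into scope with `global` cannot be checked here.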
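Review bot: The `hash=` parameter added to the logout URL is a CSRF token, and nothing at the changed line says so; a maintainer who rebuilds the logout URL elsewhere will drop it and logout will silently stop working once ucp.php validates it. Suggest a why-comment above the assignment: `// The link hash is verified by ucp.php (mode=logout) so a third-party page cannot log the user out via a crafted GET request.` Any other code path that builds `mode=logout` itself needs the same token. page_header() starts and ends outside the hunk.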
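Review bot: `U_LOGOUT` on the unchanged line just above the changed one still builds `mode=logout` without a link hash, so once ucp.php requires `check_link_hash(..., 'ucp_logout')` the ACP's board-logout link will no longer kill the session — it becomes a silent no-op rather than a logout. It needs the same token as `U_LOGIN_LOGOUT` in page_header(): `'U_LOGOUT' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=logout&hash=' . generate_link_hash('ucp_logout')),`. adm_page_header() continues outside the hunk, so other logout links in this array cannot be checked here.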
--- a/phpBB/ucp.php
+++ b/phpBB/ucp.php
@@ -103,7 +103,7 @@ switch ($mode)
 break;
 
 case 'logout':
- if ($user->data['user_id'] != ANONYMOUS && $request->is_set('sid') && $request->variable('sid', '') === $user->session_id)
+ if ($user->data['user_id'] != ANONYMOUS && check_link_hash($request->variable('hash', ''), 'ucp_logout'))
 {
 $user->session_kill();
 }
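Review bot: When the hash does not validate, the new condition simply skips `session_kill()` and execution continues with whatever follows the `if` (outside the hunk), so a user following a stale or bookmarked logout link gets no indication that they are still logged in. Either report the rejection, e.g. `trigger_error('FORM_INVALID');` if the handler resolves language keys on this path, or document why a silent no-op is intended: `// A logout request without a valid link hash is ignored rather than honoured: it is most likely cross-site, and must not end the session.` The change also drops the old `sid` comparison, which is only safe if `check_link_hash` is itself bound to the current session; the hash derivation is not visible here, so that is worth confirming. The enclosing `switch ($mode)` starts and ends outside the hunk.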